Prevent direct execution of some files.

libraries/messages.inc.php

@@ -8,6 +8,10 @@
  * file.
  */
 
+if (!function_exists('__')) {
+    die('Bad invocation!');
+}
+
 /* We use only utf-8 */
 $charset = 'utf-8';
 

setup/lib/common.inc.php

@@ -15,6 +15,10 @@ define('PMA_MINIMUM_COMMON', TRUE);
 define('PMA_SETUP', TRUE);
 chdir('..');
 
+if (!file_exists('./libraries/common.inc.php')) {
+    die('Bad invocation!');
+}
+
 require_once './libraries/common.inc.php';
 require_once './libraries/url_generating.lib.php';
 require_once './setup/lib/messages.inc.php';

setup/lib/messages.inc.php

@@ -8,6 +8,11 @@
  * file.
  */
 
+if (!function_exists('__')) {
+    die('Bad invocation!');
+}
+
+
 $strSetupAllowAnywhereRecoding_name = __('Allow character set conversion');
 $strSetupAllowArbitraryServer_desc = __('If enabled user can enter any MySQL server in login form for cookie auth');
 $strSetupAllowArbitraryServerMsg = __('This [a@?page=form&formset=features#tab_Security]option[/a] should be disabled as it allows attackers to bruteforce login to any MySQL server. If you feel this is necessary, use [a@?page=form&formset=features#tab_Security]trusted proxies list[/a]. However, IP-based protection may not be reliable if your IP belongs to an ISP where thousands of users, including you, are connected to.');